DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency

from the that's-not-good dept

Last week, we noted that Google had publicly requested from the DOJ that it be allowed to reveal information about the FISA surveillance requests it gets, and put them in its well-respected transparency report. Facebook, Microsoft and Twitter quickly followed with similar requests. Late Friday, the DOJ "gave permission," but in perhaps the most useless way possible. Facebook was the first to post the data that the DOJ allowed it to post, and you might immediately see the problem:

As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range...

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

Right. So you may notice that this tells us absolutely nothing about the FISA requests. Because the only way that it could actually reveal anything was to bury them in with every other possible type of request. Facebook did, properly, point out that this wasn't really all that transparent:

This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).

Microsoft, too, noted the limitation that the DOJ gave them:

We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.

There is one interesting tidbit:

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

Considering that this surveillance program -- the so-called "business records" search, which comes from Section 215 of the Patriot Act with a still-secret interpretation by the FISA Court that appears to allow blanket requests for pretty much all data -- is the much more serious issue, it's nice to see Microsoft being able to say that it has received no such orders.

Google and Twitter also both received the same "permission," but both quickly realized that this was not transparency at all. Lumping in FISA requests with everything else does absolutely nothing to reveal the extent of those FISA requests. In fact, it obfuscates them:

“We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”

We agree with @Google: It's important to be able to publish numbers of national security requests—including FISA disclosures—separately.

So, once again, we have the federal government pretending to be transparent, when it's really not. It's only trying to hide the actual number of FISA requests and the number of users impacted. Frankly, this whole demand for excess secrecy over these things makes no sense at all. What could we possibly be "alerting our enemies" to if there were broad general numbers of the number of FISA requests that were sent to Google, Twitter, Facebook and Microsoft? Sure, the actual information requested should remain secret. But the number of requests? That makes no sense at all.

Here we go again, distancing evil NSA from friendly Google.

Google is part of the NSA, a self-funding commericial front.

This "leak" is almost definitely a limited hangout psyop. Anger is being focused at the NSA and diffused from the corporations. All will go on same as before, except that now the people are accustomed to a new level of tyranny.

Paraphrasing Naomi Wolf on Facebook: What's the point of having the NSA sweep up all this data if the people don't know about it and aren't in fear?

Take a loopy tour of Techdirt.com! You always end up same place!http://techdirt.com/
Where Mike's "no evidence of real harm" means he wants to let secretive mega-corporations continue to grow.01:36:53[b-297-8]

So what, now we are supposed to trust what they are telling us?

I for one was not shocked by this but do the tech companies honestly expect us to now trust them? Srsly? They can take a flying ..... at a rolling doughnut. I will never trust any of these spineless companies again.

Re:

So, once again, we have the federal government pretending to be transparent, when it's really not. It's only trying to hide the actual number of FISA requests and the number of users impacted.

It seems to me that request were made for more transparency, and they got more transparency. It isn't complete and total transparency, but it's more than before. Let me ask you this: Why is it so important to you that you have these exact numbers? I get the sense that you're just complaining for the sake of complaining. Can you shed some light on what you'd do with those numbers? Can YOU be more transparent?

Re: Re:

If Mike is going to discuss the text of the statute, it makes sense to me that he'd provide the text of the statute. Basic stuff, IMO. I thought that post was relatively civil on my part. Should I start acting like you?

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

I would argue that no data point is too small to conceal. By confirming that they have received no such orders, they enable a wily opponent to triangulate the data and obtain a "road map" of US intelligence activities.

Re: Re:

presenting the counts

These companies are only allowed to present the national security requests mixed in with other numbers, you know, for obfuscation purposes. Is there a way to get the "other" numbers without the obfuscated national security numbers? Because, you know, analysing the "other stuff" without the obfuscation is important too.....

Re: Re: Here we go again, distancing evil NSA from friendly Google.

Most entertaining conspiracy theory I've heard in the last five hours... of course the only OTHER conspiracy theory I've run across today involved the Illuminati... so the competition isn't really what you'd call fierce.

Re: Re: Re:

Re: Re: Re:

If say 5,000 out of 10,000 requests were FISA requests, then one could conclude that they were interpreting terrorist rather more broadly that the public, like including protest leaders. If there were only one or two, the value of a total surveillance program is called into doubt.

Re: Re: Re:

It's "LESS" because they were already allowed to release most of these numbers anyway and now they're not allowed to release them without aggregating them. The numbers are less clear than before hence less transparent.

Re:

That was my thought. Google said they already publish law enforcement requests, so publishing the aggregate data for that and FISA requests should make it a simple matter of subtraction to find the number of FISA requests alone.

But... But... TERRORISM!!

One of the reasons that the number of requests that have to do with national security as a separate quantity is important is because proponents of these invasive and unconstitutional snooping measures keep yelling "but TERRORISM!" to justify their criminal data gathering efforts all in the name of national security. If we have at very least the number of requests pertaining to National Security then those who are screaming about how these invasive privacy violations have actually really prevented terrorist attacks then they may have at least a shaky leg to stand on.
But as it is now with the lack of transparency citizens are left to assume that these arguments of blanket data collection without probable cause and without a warrant are unjustified and certainly unconstitutional.

it's obviously been done like this because there were no threats retrieved or discovered about anyone, from anything, living anywhere, ie, NO TERRORIST THREATS! the one thing that did happen, that should have been discovered if all this surveillance had been any good, was the Boston Incident. the authorities either had learned nothing or ignored what they had learned, because the incident still occurred! therefore the whole surveillance thing was a waste of time and resources as the information used was all the ordinary stuff used by ordinary, local police! bit of a friggin' joke, dont you think??

OOTB, let me guess... you also believe the moon lands were a hoax, and there's a counter earth on the other side of the sun...

On a more serious note, while Google is certainly not the bad guy in this story, they are by no means entirely innocent. Their own continued data mining, and target advertising programs collect massive amounts of sensitive information on their users. Its no small wonder why the NSA harasses them for this data...

On the other hand, perhaps the most important distinction is that Google, being a corporation has to abide by at least *some* laws, while the NSA has no such restriction, it can make, interpret or ignore laws as it sees fit.

Re: Re: Re:

Re: So what, now we are supposed to trust what they are telling us?

spineless companies

Yes, if these companies have the data (as in the case of Google and Twitter) they should go ahead and publish them separately in spite of the "law." Then let the government go after them...and maybe awaken the sheeple because the bad guy is messing with their Google/Twitter.

Re: Re: Re:

I assume you know the exact number of FISA requests don't you? I mean, it is TRANSPARENT, right? My guess is that these companies received any number of FISA requests varying from 0 to infinity. Sounds transparent!

Re: Re:

It is not less transparency. It is more transparency granted the presupposition of no transparency at all if they hadn't asked...

However, I think it is pretty clear that what is being asked for by Google/Twitter is a possibility to show something about the extend of the actual contriversial parts. Since that is not a possibility here, it is a very low value transparency, not showing anything at all about the extend of the more problematic requests. That makes the transparency next to worthless for these companies.

Re: Here we go again, distancing evil NSA from friendly Google.

Can we automatically replace his sig with the following from now on?

Take a loopy tour of out_of_the_Blue! You always end up nowhere near the topic at hand!
Where OOTB "I make up connections where none exist" lives up to his name to derail attempts to talk about topics he dislike.01:36:53[b-297-8]

Why do I need to be afraid of a foreign 'enemy' when my own government is acting this way? All the violations of constitutional rights I was raised to despise Russia and China for are now somehow magically justified if done to us by our own government? What's the real difference between any of them?

Re:

There is a subtle difference between governments.
Under the socialist system, the government owned the corporations, and ran the country to suite the elite.
Under capitalism, the corporations own the government, and run the country to suite the elite.

Loophole

"We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users.

Google should published the aggregated result while continuing to publish the information they currently publish. As such, we could do a simple subtraction to get the information we desire.

Re: Re: So what, now we are supposed to trust what they are telling us?

Well based on what I read they can actually publish it. They are only allowed to publish ranges if it includes all law enforcement requests as well, right?

Well do that, but then publish the non-classified numbers separately. Being that it's not classified or sealed, it's a first amendment violation to prevent them from disclosing regular law enforcement requests.